Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Infosec News Nuggets — July 6, 2026 – AboutDFIR

    July 6, 2026

    Celebrating 1 Million Subscribers on July 8th!

    July 5, 2026

    Flipper Zero firmware development continues with community help

    July 5, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Infosec News Nuggets — July 6, 2026 – AboutDFIR
    News

    Infosec News Nuggets — July 6, 2026 – AboutDFIR

    adminBy adminJuly 6, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

    A high-severity SharePoint Server flaw enabling remote code execution through deserialization of untrusted data was added to a federal known-exploited-vulnerabilities catalog after evidence surfaced that attackers are actively exploiting it. The bug, patched in May but only now confirmed under active attack, lets an authenticated user with minimal permissions run code remotely, and federal civilian agencies have been ordered to apply the fix by July 4. The disclosure follows a separate investigation that found two unrelated threat actors operating simultaneously inside one compromised network, each using distinct tools and persistence techniques that complicated efforts to determine the full scope of the intrusion.

     

    DHS Confirms Hackers Breached HSIN Info-Sharing Platform

    An unidentified threat actor breached a sensitive information-sharing platform used by federal, state, local, and private-sector partners to coordinate on security incidents and threats, with the intrusion believed to have occurred between late May and early June. Investigators have not yet attributed the attack or confirmed whether documents were stolen, though the compromised network is also used to coordinate safety and security around major public events, raising concerns about exposed planning details. Officials say classified systems were not affected and that the impacted environment was isolated once the incident was discovered.

     

    FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

    A large-scale credential-harvesting operation that has targeted more than 430,000 firewalls across 150 countries since February has been tied directly to two active ransomware operations, with researchers finding a single operator logged into both groups’ negotiation panels using infrastructure traceable back to the campaign. The attackers deployed a network sniffer to capture cleartext credentials and password hashes passing through compromised devices, ultimately harvesting more than 110 million credentials and gaining full domain administrator access on hundreds of targets. Twelve of those intrusions have already resulted in ransomware deployment, encrypting hundreds of endpoints across the affected organizations.

     

    Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware

    A phishing campaign is impersonating international law enforcement to pressure small businesses across Europe, Asia, the Middle East, and North America into opening a supposed evidence file tied to fraudulent activity. The message directs recipients to a password-protected file hosted on a cloud storage service that actually contains an executable disguised as a video, which deploys ransomware once run. Rather than naming a fixed ransom amount, the attackers instruct victims to make contact over an encrypted messaging service, suggesting they negotiate demands based on a target’s size and perceived ability to pay.

     

    DHS to Unveil Replacement Council for Critical Infrastructure Cybersecurity

    The Department of Homeland Security is reviving a cybersecurity information-sharing partnership with critical infrastructure operators more than a year after the previous advisory body was dissolved, leaving power, water, and telecommunications owners without a formal channel to coordinate on threats with federal agencies. The new council will be managed directly by the federal cybersecurity agency, which will select industry participants itself rather than letting the private sector self-organize as before, and its meetings will be exempt from public transparency requirements given the sensitivity of the material discussed. Lawmakers and former officials welcomed the restoration of the partnership while raising questions about how membership and influence will be distributed among participants.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleCelebrating 1 Million Subscribers on July 8th!
    admin
    • Website

    Related Posts

    News

    Flipper Zero firmware development continues with community help

    July 5, 2026
    News

    JadePuffer ransomware used AI agent to automate entire attack

    July 4, 2026
    News

    SOLVED: The Case of the Missing Megalodon

    July 4, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Infosec News Nuggets — July 6, 2026 – AboutDFIR

    July 6, 2026

    Celebrating 1 Million Subscribers on July 8th!

    July 5, 2026

    Flipper Zero firmware development continues with community help

    July 5, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.